AI Threat Alert
Data Leakage
Data leakage in AI systems happens at three layers. At training time, models can memorise rare strings from their corpus — phone numbers, passwords, API keys committed to public code — and an attacker who knows the right context can prompt the model to regurgitate them. At inference time, applications often pass sensitive context to third-party APIs (OpenAI, Anthropic, Bedrock) without redaction; this content is then potentially logged, retained, or used to improve future models depending on the vendor's terms. At the application layer, multi-tenant deployments routinely leak across users when caching, logging, or vector-store indexing is misconfigured. Indirect prompt injection compounds all three by giving an attacker a way to ask the model to repeat what it should not. Defenses: PII redaction in prompts and outputs, differential privacy in training, vendor data-use review, and strict tenant boundaries in shared infrastructure.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-6985 | langchain-text-splitters: XXE enables arbitrary file read | langchain-text-splitters | 7.5 |
| HIGH | CVE-2025-8709 | langgraph-checkpoint-sqlite: SQL Injection exposes database | langgraph-checkpoint-sqlite | 7.3 |
| MEDIUM | CVE-2023-1651 | AI ChatBot WP: auth bypass exposes OpenAI config + XSS | wpbot | 5.4 |
| HIGH | CVE-2024-34527 | SolidUI: OpenAI API key exposed via log print statement | 7.5 | |
| HIGH | CVE-2024-0452 | WordPress AI ChatBot: auth bypass enables OpenAI file upload | wpbot | 7.7 |
| LOW | CVE-2024-40594 | ChatGPT macOS: cleartext conversation storage exposed | 2.3 | |
| HIGH | CVE-2024-7714 | AYS ChatGPT WP Plugin: auth bypass disables AI service | 7.5 | |
| MEDIUM | CVE-2025-6716 | Contest Gallery WP Plugin: Stored XSS in OpenAI integration | 6.4 | |
| MEDIUM | CVE-2025-7780 | WordPress AI Engine: SSRF leaks files via OpenAI API | 6.5 | |
| MEDIUM | CVE-2025-60511 | Moodle: IDOR enables unauthorized data access | 4.3 | |
| MEDIUM | CVE-2025-12732 | AI component: Info Disclosure leaks sensitive data | 4.3 | |
| MEDIUM | CVE-2025-14980 | BetterDocs: Info Disclosure leaks sensitive data | 6.5 | |
| HIGH | CVE-2025-65098 | typebot: XSS enables session hijacking | 7.4 | |
| LOW | CVE-2023-1176 | MLflow: path traversal exposes arbitrary local files | mlflow | 3.3 |
| HIGH | CVE-2023-2356 | MLflow: path traversal allows unauthenticated file read | mlflow | 7.5 |
| HIGH | CVE-2023-30172 | MLflow: path traversal exposes arbitrary server files | mlflow | 7.5 |
| CRITICAL | CVE-2023-3765 | MLflow: path traversal allows arbitrary file read | mlflow | 10.0 |
| HIGH | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | mlflow | 7.5 |
| HIGH | CVE-2024-1558 | MLflow: path traversal enables arbitrary file read | mlflow | 7.5 |
| HIGH | CVE-2024-1594 | MLflow: path traversal via URI fragment reads arbitrary files | mlflow | 7.5 |